[takluyver]

Malware certainly exists on the Play store, but when Google spot it, they can unilaterally remove it. IIRC, they also have the ability to remove it from devices where it was already installed. The app store model probably also delivers security updates to legitimate apps more effectively than every developer managing their own distribution.

My parents are also very cautious with what they install on Windows, and I think that's a pretty good approach. But it's pretty clear that plenty of people aren't so paranoid, and it's not always easy to tell a dodgy site from a legitimate one.

[mcny]

I still think developers should not be able to upload binary blobs to the store. The store should prescribe an official set of tools and build options. Developers should be required to upload their source code and build instructions.

The store will then build the application binaries based on provided instructions, run tests to make sure the application meets store criteria, and publish it if everything looks good. Perhaps there will need to be some manual intervention when necessary but we should be able to automate things more as we see more use cases.

That and the client "store" should be decoupled from the server store and users should be able to add/remove server stores as they see fit.

[takluyver]

I would generally agree, but this puts a lot of trust in whoever is running the store: if Google/Amazon/Microsoft/Apple build and sign every application, they can quietly modify the code. It wouldn't necessarily be easy for even the developer to know that this was happening.

[johannes1234321]

why should they make it so complicated? Apple or Google can manipulate the operating system. No need to manipulate individual apps.

[takluyver]

That's broadly true, but I suspect it's a bit more difficult, at least on Android. Updating the operating system involves the company making the device (at least it used to, I'm not sure if that is changing), and it's much slower to roll out than an app update. I don't know if the extra bits like 'Google Play Services' have the necessary access to e.g. read private data from a messaging app.

As the OP is pointing out, the simple alignment of one platform with one app store is also a bit blurred. Neither Google nor Amazon control Windows. You can install the Amazon store on other Android devices. No doubt Samsung (and some other manufacturers) are trying to do their own marketplaces. And it's conceivable that in the future, they're forced to allow more competition (e.g. something like Steam for phones).

[AussieWog93]

>when Google spot it, they can unilaterally remove it.

Microsoft can achieve the same goal already through Windows Defender. My app was recently flagged as a trojan (false positive) and it would be wiped from users' computers before they could even run it.

>they also have the ability to remove it from devices where it was already installed.

That Microsoft can't do, but I'm not really sure that it's a good thing...

>The app store model probably also delivers security updates to legitimate apps more effectively than every developer managing their own distribution.

Citation needed there.

[colejohnson66]

That last one (the “citation needed”) is solved by stores that have auto-updaters. When a store isn’t used, it’s up to the app developer to provide a notification of an update being available, and many don’t do that.

Linux’s package manages show that quite well. I can update (almost) all my packages with a simple command. On Windows, if Inkscape has a security vulnerability that an update fixes, I'm not informed of this unless I follow the development or use an RSS feed of sorts.

[takluyver]

Agreed. Of course it's possible in theory for every developer to have their own secure, reliable auto-update mechanism. But it's not easy - the docs of The Update Framework describe some of the challenges.

If every app handles its own updates, that also means that either you've got N background auto-updaters running, or the check has to wait until you run the software - and potentially get exploited by a hole patched in the update it's just downloading.